From 30728fa5dca858af79038878d597ffd24cb1fc26 Mon Sep 17 00:00:00 2001
From: MadCamel <madcamel@gmail.com>
Date: Sun, 4 Apr 2010 13:48:37 -0400
Subject: Added packet rate limiter and flood prevention system.

The idea behind this is to keep abusive clients from flooding the
server. Everything from over-voracious auto pick-up to exploitation
of NPC vulnerabilities is mitigated by this. It will also eventually
reduce server traffic, load, and possibly lag.

Config options in battle_athena.conf:
packet_spam_flood (default 30)
packet_spam_threshold (default 2)
packet_spam_kick (default 1)

Each packet type has a specified allowed incoming rate in milliseconds,
if this rate is exceeded the packet is ignored. If over 'flood' overruns
in 'threshold' seconds are detected, a flood is logged and a kick may be
triggered depending on the 'kick' config boolean.

The packet rates and flood thresholds have been tested and tweaked
on a live server, this should only affect abusive clients. Only
extremely abusive clients will trigger a log/kick condition.

This probably obsoletes the trade and kick spam code.
---
 src/map/battle.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

(limited to 'src/map/battle.c')

diff --git a/src/map/battle.c b/src/map/battle.c
index 579ea55..1cee690 100644
--- a/src/map/battle.c
+++ b/src/map/battle.c
@@ -5662,6 +5662,11 @@ int battle_config_read (const char *cfgName)
         battle_config.sit_spam_flood = 15;
         battle_config.sit_spam_ban = 0;
         battle_config.sit_spam_warn = 3;
+
+        battle_config.packet_spam_threshold = 2;
+        battle_config.packet_spam_flood = 30;
+        battle_config.packet_spam_kick = 1;
+
     }
 
     fp = fopen_ (cfgName, "r");
@@ -6122,7 +6127,13 @@ int battle_config_read (const char *cfgName)
             {
             "sit_spam_ban", &battle_config.sit_spam_ban},
             {
-            "sit_spam_warn", &battle_config.sit_spam_warn}
+            "sit_spam_warn", &battle_config.sit_spam_warn},
+            {
+            "packet_spam_threshold", &battle_config.packet_spam_threshold},
+            {
+            "packet_spam_flood", &battle_config.packet_spam_flood},
+            {
+            "packet_spam_kick", &battle_config.packet_spam_kick}
         };
 
         if (line[0] == '/' && line[1] == '/')
@@ -6304,6 +6315,21 @@ int battle_config_read (const char *cfgName)
         else if (battle_config.sit_spam_threshold > 32767)
             battle_config.sit_spam_threshold = 32767;
 
+        if (battle_config.packet_spam_threshold < 0)
+            battle_config.packet_spam_threshold = 0;
+        else if (battle_config.packet_spam_threshold > 32767)
+            battle_config.packet_spam_threshold = 32767;
+
+        if (battle_config.packet_spam_flood < 0)
+            battle_config.packet_spam_flood = 0;
+        else if (battle_config.packet_spam_flood > 32767)
+            battle_config.packet_spam_flood = 32767;
+
+        if (battle_config.packet_spam_kick < 0)
+            battle_config.packet_spam_kick = 0;
+        else if (battle_config.packet_spam_kick > 1)
+            battle_config.packet_spam_kick = 1;
+
         // at least 1 client must be accepted
         if ((battle_config.packet_ver_flag & 63) == 0)  // added by [Yor]
             battle_config.packet_ver_flag = 63; // accept all clients
-- 
cgit v1.2.3-70-g09d2